<html>
<head><meta charset="utf-8"><title>bcrypt hash question · general · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/index.html">general</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/bcrypt.20hash.20question.html">bcrypt hash question</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="218946897"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/bcrypt%20hash%20question/near/218946897" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Milind Patil <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/bcrypt.20hash.20question.html#218946897">(Dec 05 2020 at 18:32)</a>:</h4>
<p>Hi, I am using extern crate bcrypt with hash,verify, etc. When I hash a value say password, the hash value is different each time, even though the input string did not change. If it is different each time, how do I compare say the passwords if try to verify the entered password matches the stored hash value? I know the verify function will do it for me, but for my understanding why is it not hashing to the same value for the same input sting. <br>
Thanks!</p>



<a name="218947109"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/bcrypt%20hash%20question/near/218947109" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/bcrypt.20hash.20question.html#218947109">(Dec 05 2020 at 18:37)</a>:</h4>
<blockquote>
<p>The salt is generated randomly using the OS randomness</p>
</blockquote>



<a name="218947114"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/bcrypt%20hash%20question/near/218947114" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/bcrypt.20hash.20question.html#218947114">(Dec 05 2020 at 18:37)</a>:</h4>
<p>From <a href="https://docs.rs/bcrypt/0.9.0/bcrypt/fn.hash.html">https://docs.rs/bcrypt/0.9.0/bcrypt/fn.hash.html</a></p>



<a name="218947185"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/122651-general/topic/bcrypt%20hash%20question/near/218947185" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/122651-general/topic/bcrypt.20hash.20question.html#218947185">(Dec 05 2020 at 18:39)</a>:</h4>
<p>Like you said what you want to do is <code>h = save(hash(p))</code> when password is set, and save the <code>h</code> somewhere. Then <code>verify(p', h)</code> when you need to check if the password entered <code>p'</code> was the same as <code>p</code> when you originally generated the saved <code>h</code>. <code>verify</code> will be able to extract the salt from saved <code>h</code> itself.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>